A data plane security model of segmented routing based on SDP trust enhancement architecture

Segment routing (SR) is a new network technology derived from MPLS and built on SDN. Combining SR with software-defined perimeter (SDP), a new network security technology, is expected to address both the traditional problems faced by the SR data plane, such as data monitoring and denial of service, and new threats such as loop attacks and label probing. Focusing on the security management of access devices in the SR data plane, this paper first proposes an SR security model, SbSR (SDP-based SR), based on an SDP trust enhancement architecture; it then designs a two-level SDP AH trust verification mechanism and four trust management mechanisms: initial trust value, trust evaluation, trust renewal and trust inheritance. In the trust evaluation mechanism, the core of the model, a system cloud grey model (1,1) weighted Markov prediction model is introduced to obtain real-time trust from the historical behavior of device nodes, and four indexes, namely benign message ratio, loyal forwarding ratio, forwarding ratio stationarity coefficient and packet rate stationarity coefficient, are introduced to distinguish malicious devices from normal ones. Finally, simulation tests of five security functions and of the security cost show that the proposed architecture can counter port scanning, traffic monitoring, topology probing, loop attacks and DoS attacks on the SR network data plane at an average access delay cost of 2.84 s per new network agent, realizing multi-faceted protection of the SR network data plane.

www.nature.com/scientificreports/
used in the centralized model will not be repeated; the SR PCE used in the hybrid model is based on the NOS (Network Operating System) software that abstracts the entire network view on a designated router, and is deployed as a network control functional component. Through its northbound interface (REST, NETCONF), SR PCE provides a global network view to centralized applications in the application plane and receives SR Policy; through its southbound interface (PCEP, BGP, XML and NETCONF), it can also initiate paths to data plane nodes. It is worth noting that the key automatic steering and ODN functions in SR-TE reuse the automatic coloring mechanism of BGP and the distributed intelligence of the nodes, and have nothing to do with the SDN controller 21,22.

SR native security mechanism. As a new implementation of SDN, literature 1 pointed out that SR adopts certain native security mechanisms for security reasons, which this paper summarizes into 5 categories in Table 1. It can be seen that the protective effect of these native security mechanisms is relatively limited.
SR data plane security problems. At present, there is no systematic research on the security of the SR data plane. Since SR originates from SDN, we refer to SDN data plane security problems here. Literature 23 divides attacks on the SDN data plane into 3 types: device attacks, protocol attacks, and side-channel attacks, and other literature also analyzes these 3 types of threats respectively. In the aspect of device attacks, literature 24 pointed out that the OpenFlow switch flow table can be used to infer network parameters such as flow table capacity and flow table usage with high accuracy; in terms of protocol attacks, literature 25 pointed out that malicious applications can install targeted flow rules by overwriting existing flow rules with matching fields that are not supported by hardware; in terms of side-channel attacks, literature 26 points out that the input buffer can be analyzed to identify forwarding rules, and packet processing time can be analyzed to identify forwarding strategies. According to Fig. 1 and Table 1, the SDN data plane security problems and our experimental tests, the data plane security problems that the SR native security mechanism cannot solve can be divided into traditional problems and new problems. Traditional problems include port scanning, traffic monitoring, denial of service attacks, side-channel attacks, protocol attacks based on IGP/BGP routing protocol vulnerabilities, etc.; new problems include device attacks based on software and hardware vulnerabilities of the SR router, topology probing based on label probing, loop attacks based on a directional label 27, etc. Figure 2 illustrates some typical attack patterns studied in this paper: Fig. 2a illustrates attackers scanning the open ports of network service resources through the SR network; Fig. 2b shows the attacker monitoring the communication traffic between devices in the SR network.
Figure 2c shows that an attacker makes a DoS attack on SR network service resources; Fig. 2d shows that the attacker probes SR network topology and node labels by constructing specific probe messages. Figure 2e shows that the attacker makes a loop attack on the SR network by constructing a routing loop attack message and maliciously occupies the network bandwidth.
Existing SDN data plane security schemes and routing security schemes. In terms of existing SDN data plane security schemes, literature 28 comprehensively analyzes the challenges involved in protecting the SDN data plane, provides an in-depth look at the available solutions and points out their limitations. Literature 29 presents a study and demonstration of some commonly seen internal security attacks and related countermeasures in programmable data planes using P4, a data-plane programming language; this study gives users the flexibility to add or drop security features in deployed SDN switches. Literature 30 proposes a new SDN-based data plane architecture called DPX (Data Plane Extended) that natively supports security services as a Then it will warn about attacks on the data plane and prevent malicious users from harming the network. Considering one nominal controller in charge of the data plane computation, literature 32 designed a second one to control the consistency of the decisions made by the controller; compared to related work, no direct exchanges between the controllers are required in this solution. In the aspect of routing security schemes, literature 33 proposes a probabilistic framework that facilitates data routing between the nodes and the local cloud in an IoT network, coupled with a multitier trust and encryption scheme for secure data delivery in the cloud-based IoT network. Literature 34 presents a security-aware routing mechanism and discusses quality of service (QoS) factors such as throughput and accuracy for improving the routing mechanism. Literature 35 proposes a multi-path QoS routing security algorithm based on blockchain that improves the traditional AODV (ad hoc on-demand distance vector) protocol, effectively improving security and QoS. However, the above methods do not provide an overall protection solution from the perspective of zero trust.
The comparison between them and the scheme proposed in this paper is shown in Table 2.

Design of SbSR model
To build an SR security model based on the SDP architecture, improve the security performance of the SR data plane and reduce the security overhead, we first map SDP IH and network resources to the SR data plane; then an improved SDP trust enhancement architecture, and an SR data plane security model based on it, are proposed. Finally, the SPA package is designed.
Data plane mapping of SDP IH and network resources. Under the zero-trust architecture, SDP IH must be regarded as a network agent binding users and devices, and it is deployed in the SR network data plane rather than as an OpenFlow switch responsible only for forwarding and processing. It therefore needs to be modeled and mapped to a data plane network agent that carries only the functional attributes of the bottom 3 layers of the OSI model plus user identities; that is, SDP IH is mapped to a network agent N-agent running on the data plane through the data plane mapping function, as shown in formulas (1) and (2). The user ID UID is defined by formula (3), where Ŵ is the attribute-identity mapping function, ID_user is the user attribute set, User_N are user names, User_C are user categories, and User_P are preset permissions for users; access objects such as network resources are similarly mapped and modeled as data plane service resources, as shown in Fig. 3.

SbSR (SDP-based SR) model design. SDP trust enhancement architecture. In this paper, the proposed SR data plane security model based on the SDP trust enhancement architecture is called SbSR. Compared with the basic SDP architecture, the SDP trust enhancement architecture introduced here focuses on the key security factor of trust and adds the following three mechanisms. Firstly, control plane information synchronization. In the SbSR model, the control plane has two modes, SDN controller + SDP controller and SR PCE + SDP controller, and a mutual transport layer security (mTLS) 36 connection is established between them to keep information synchronized and to secure the transmission of control signaling. In both modes, the SDP controller is deployed on the direct communication channel for uploading authentication traffic and control signaling, to realize the authentication evaluation of access hosts in the domain.
The difference is that in the mode of "SDN controller + SDP controller", SDN controllers supporting SR such as Open-Daylight are used to control the SR router; in the mode of "SR PCE + SDP controller", physical or virtual routing nodes (such as Cisco IOS XR router) are used to enable the SR PCE function as SR PCE to control the SR router. SDN controllers and SR PCEs can be deployed in multiple units to achieve load balancing and disaster recovery.
Secondly, SDP AH two-level authentication. Two levels of SDP AH are deployed in the SbSR model. One is deployed between SDP IH and the SR domain entrance router and is called SDP AH ent, shown as AH0 in Fig. 4; it is used to hide the network topology, that is, before SDP IH accesses an SR domain router it must request authentication from the SDP controller through SDP AH, and the classical SDP access process needs to be improved here, which is described in detail in the "SR data plane security problems" section. The other is deployed between the SR router acting as the Provider Edge (PE) node and the service resource, is called SDP AH ser, shown as AH1 in Fig. 4, and is used to hide network services and prevent attackers from obtaining the port information of service resources. Two-level access control corresponding to the two SDP AH deployment positions is set for SDP IH: SDP IH is allowed to access the router once its trust value reaches the SR domain access threshold, and can access a service resource only after its trust value reaches the trust threshold designated for that service resource. The two-level access control is needed because different service resources have different trust threshold requirements. Imagine that SDP AH ser for service resources is canceled and only SDP AH ent at the domain entrance is kept: if the SDP AH at the domain entrance sets a unified trust threshold for all service resources, fine-grained control of SDP IH's access to the various remote service resources cannot be realized; if instead SDP AH ent manages and controls all kinds of remote service resources in a classified and integrated way, the access delay of normal SDP IH increases too much, and every newly added service resource requires changing the integrated SDP AH ent, reducing network scalability.
If SDP AH ent is canceled, it will not be possible to verify the behavior of hosts from outside the domain after they access the network.

Thirdly, the trust management mechanism. It is introduced in detail in the "SbSR trust enhancement management mechanism" section, after the SbSR model architecture and access mechanism.
SbSR model architecture. Figure 4 shows the basic architecture of the SbSR security model, in which the application plane consists of SR applications and SDP applications such as PKI (Public Key Infrastructure), LDAP (Lightweight Directory Access Protocol), and device authentication. The control plane consists of an SDP controller and an SDN controller/SR PCE. In the data plane, users and hosts of the public network, and server groups of the resource network, are mapped to SDP IH and service resources respectively through the data plane mapping function; some SDP IH may be malicious, and the data plane switching equipment is the SR router, which is assigned its SID in advance. To ensure the security of the control plane, the SDP/SDN controller and SR PCE only connect to routers and applications in the SR domain and to no network element outside the domain, thus reducing the network attack surface to SDP IH. Under this attack-surface condition and focusing on data-plane security, the original control plane components and SR routers of the SR network are trusted by default.
Communication between SR and non-SR components in the SbSR model. To ensure that SR components such as SR PCE/SDN controller and SR router in SR domain communicate with non-SR components such as SDP IH and SDP AH normally, the following control plane and data plane SR/ non-SR component communication mechanisms are designed.
Control plane. The MPLS architecture supports the coexistence of non-SR control plane protocols such as LDP, RSVP-TE, and SR control plane protocols such as OSPF, ISIS, and BGP. Therefore, by running MPLS Label Manager (LM) components in the MPLS control plane of each node, local labels distributed by different label distribution protocols will not conflict.
Data plane. The LM component of each node guarantees the unique distribution of local labels, so that LSPs (Label Switching Paths) generated by different MPLS control plane protocols can coexist. Therefore, communication between SR components and non-SR components mainly involves two scenarios: one is MPLS to IP, for example an SR router transmitting data messages to an SDP IH/SDP AH that does not support MPLS; the other is IP to MPLS, for example an SDP IH/SDP AH that does not support MPLS transmitting data and authentication packets to an SR router.
In the MPLS-to-IP communication scenario, the traffic is sent out by SR routing equipment and the inbound label is not empty. Because the LM component of each node ensures that local labels are unique, the forwarding entries from MPLS to MPLS/IP correspond one-to-one with the local/inbound labels, so these MPLS forwarding entries can coexist. As shown in Fig. 5, nodes A, B, C, D, and E all enable SR and LDP, and nodes A, B, C, and D adopt the default SRGB [16000-23999]. Node E announces its loopback address prefix 1.1.1.5/32 with Prefix-SID index 5, and requests the default penultimate hop pop operation for this Prefix-SID. The local label that nodes A, B, C, and D assign to the Prefix-SID of node E is therefore 16,005 (SRGB starting value 16,000 + index value 5); an LDP label is likewise assigned and announced for the loopback address prefix of node E, and the LDP local label assigned by node A to that prefix is 90,005 (LDP label range starting value 90,000 + index value 5). In the label stack of each node in Fig. 5, the left side is the inbound/local label and the right side is the outbound label. When a packet with top label 16,005 arrives at node A, it is forwarded to nodes B and C in turn according to the green label entry in the figure, with a "swap" operation at each hop; at node D, the penultimate hop, the top label is popped, and at node E the packet is processed based on the new header exposed after the top label was popped. When a packet with top label 90,005 enters node A, the operation is similar.
In the IP-to-MPLS communication scenario, for example when SDP IH requests the SDP controller to verify its identity, IP traffic with an empty inbound label reaches the SR domain entry node, is assigned to an FEC (Forwarding Equivalence Class) by longest-prefix matching of the destination address, and an SR label is pushed onto the packet according to the FEC. As shown in Fig. 6, all nodes have SR enabled and the label configuration is the same as in Fig. 5. When the unlabeled IP packet arrives at node A, SR label 16,005 is pushed onto it and it is forwarded to nodes B and C in turn according to the green label entry, with a "swap" operation at each hop; the top label is popped at node D, the penultimate hop, and the packet is processed at node E based on the new packet header exposed after the top label was popped.
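The two scenarios above (IP-to-MPLS push at the ingress, swap at transit nodes, penultimate-hop pop, and an LDP LSP coexisting with the SR LSP under the Label Manager's one-binding-per-label rule) can be traced with a small simulator. The following Python is an added example, not code from the paper; it uses the SRGB, prefix, index and the A-to-E chain of Fig. 5, while the LDP local labels of nodes B, C and D (90105, 90205, 90305) are constructed placeholders since the page only gives node A's 90005. The hop budget in `forward` is the defender-side addition that turns a label loop into a reported failure rather than an endless walk.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SRGB = (16000, 23999)   # default SRGB of nodes A-D in Fig. 5
LDP_BASE = 90000        # start of the LDP label range used in Fig. 5


def prefix_sid_label(index: int, srgb: Tuple[int, int] = SRGB) -> int:
    """Local label for a Prefix-SID: SRGB start + index (16000 + 5 = 16005)."""
    label = srgb[0] + index
    if not srgb[0] <= label <= srgb[1]:
        raise ValueError(f"index {index} falls outside SRGB {srgb}")
    return label


@dataclass
class Node:
    name: str
    # local (inbound) label -> (action, outbound label, next hop)
    lfib: Dict[int, Tuple[str, Optional[int], str]] = field(default_factory=dict)
    # prefix -> (label to push, next hop); (None, None) means "my own prefix"
    fib: Dict[str, Tuple[Optional[int], Optional[str]]] = field(default_factory=dict)

    def bind(self, in_label: int, action: str, out_label: Optional[int], nh: str) -> None:
        """Label Manager rule: a local label is allocated at most once, so the
        SR and LDP entries of one node can never collide."""
        if in_label in self.lfib:
            raise ValueError(f"{self.name}: local label {in_label} already allocated")
        self.lfib[in_label] = (action, out_label, nh)

    def ip_lookup(self, dst: str) -> Tuple[Optional[int], Optional[str]]:
        """Longest-prefix match of an unlabelled packet (FEC classification)."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, entry in self.fib.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, entry)
        if best is None:
            raise LookupError(f"{self.name}: no route to {dst}")
        return best[1]


def forward(nodes: Dict[str, Node], ingress: str, stack: List[int], dst: str,
            max_hops: int = 16) -> List[str]:
    """Carry one packet through the domain and return a per-node trace.
    An unlabelled packet gets a label pushed at the ingress (IP-to-MPLS);
    a labelled one is swapped or popped per LFIB, the pop being the
    penultimate-hop operation (MPLS-to-IP).  The hop budget turns a label
    loop into a detectable failure instead of an endless walk."""
    trace, cur = [], ingress
    for _ in range(max_hops):
        node = nodes[cur]
        if not stack:
            label, nh = node.ip_lookup(dst)
            if label is None:
                trace.append(f"{cur}: IP lookup, delivered")
                return trace
            stack.append(label)
            trace.append(f"{cur}: push {label} -> {nh}")
        else:
            action, out, nh = node.lfib[stack[-1]]
            if action == "swap":
                stack[-1] = out
                trace.append(f"{cur}: swap {out} -> {nh}")
            else:  # "pop": penultimate hop exposes the inner header for nh
                stack.pop()
                trace.append(f"{cur}: pop -> {nh}")
        cur = nh
    trace.append("hop budget exhausted: label loop")
    return trace


def build_fig5() -> Dict[str, Node]:
    """Chain A-B-C-D-E of Fig. 5: E announces 1.1.1.5/32 with Prefix-SID
    index 5 and requests PHP, so A, B, C swap 16005 and D pops it."""
    chain = ["A", "B", "C", "D", "E"]
    nodes = {n: Node(n) for n in chain}
    sid = prefix_sid_label(5)
    for i, n in enumerate(chain[:-1]):
        nh = chain[i + 1]
        nodes[n].fib["1.1.1.5/32"] = (sid, nh)
        if nh == "E":
            nodes[n].bind(sid, "pop", None, nh)      # penultimate hop
        else:
            nodes[n].bind(sid, "swap", sid, nh)
    nodes["E"].fib["1.1.1.5/32"] = (None, None)
    # LDP LSP to the same prefix coexists: A's LDP local label is 90005 as in
    # Fig. 5; the labels of B, C and D are constructed placeholders
    ldp = {"A": LDP_BASE + 5, "B": 90105, "C": 90205, "D": 90305}
    nodes["A"].bind(ldp["A"], "swap", ldp["B"], "B")
    nodes["B"].bind(ldp["B"], "swap", ldp["C"], "C")
    nodes["C"].bind(ldp["C"], "swap", ldp["D"], "D")
    nodes["D"].bind(ldp["D"], "pop", None, "E")
    return nodes


if __name__ == "__main__":
    topo = build_fig5()
    for line in forward(topo, "A", [], "1.1.1.5"):      # IP-to-MPLS
        print(line)
    for line in forward(topo, "A", [90005], "1.1.1.5"):  # MPLS-to-IP over LDP
        print(line)
```

Running it prints the push at A, swaps at B and C, the pop at D and IP delivery at E for both the unlabelled packet and the LDP-labelled one, which is exactly the coexistence the LM component is meant to guarantee.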

Mechanism and overhead of SbSR model
SbSR access mechanism. The access mechanism of SbSR implements trust management for SDP IH, the possible attack surface of the network; that is, it provides an east-west access control mechanism for the data plane that prevents a malicious SDP IH from moving laterally after accessing the network, according to the following access process.
Step 1 Assign the SRGB label to the routers in the SR domain and enable SR service.
Step 2 SDP controller goes online, connects to external authentication and authorization SDP application, and establishes mTLS connection with SDN controller/SR PCE in the domain; meanwhile, mTLS connection is also established between SDN controller/SR PCE.
Step 3 Two levels of SDP AH are connected in series to the domain entrance node and service resources respectively. By default, the "drop-all" access strategy is adopted, and all visiting data packets are discarded (but the SPA knocking data packets are recognized, and only those that pass the verification are responded to). SDP AH transmits its SPA packets to the SDP controller through the directly connected routing device to request its authentication identity. If the authentication passes, the mTLS connection is established between the SDP controller and SDP AH through the routing device.
Step 4 Before an SDP IH accesses the SR network, it accesses the network agent authentication component of the application plane in advance, and the latter reads its security information items and enters them into the network agent security information database.
Step 5 SDP IH connects to the routing device through SDP AH ent, and sends the SPA authentication package containing its N-agent information to SDP AH ent. SDP AH ent does not respond, but forwards it directly to the SDP controller through the domain entrance routing node, requesting authentication of its identity and the issuance of access credentials.
Step 6 The SDP controller calls the application plane identity authentication authorization component to authenticate the SDP IH identity. If it passes, it authorizes the accessible SDP AH list, temporary access credentials, and policies, but does not send them for the time being.
Step 7 SDP controller informs all SDP AHs involved in authorization list of authorized SDP IH identity, temporary access credentials, and policies through mTLS link.
Step 8 SDP AH ent modifies its own packet filtering rules and informs SDP IH of its accessible SDP AH list, temporary access credentials, and policies.
Step 9 SDP IH uses the access credentials of SDP AH ent and its SPA package to establish an mTLS connection with SDP AH ent and obtain the right to access the SR domain data plane. If SDP IH needs to access an SDP AH ser, it takes the domain entry node as the head node, generates a Segment list to the routing device directly connected to that SDP AH ser, pushes it onto the packet header with the SPA containing the access credentials as the packet payload, requests access to the specific SDP AH ser through the SR source routing transmission mechanism, and establishes an mTLS connection to it through the intermediate router after verification. A normal SDP IH, having passed authentication and authorization, successfully accesses the service resources protected by SDP AH, as shown by the green line in Fig. 4; a malicious IH fails authentication and cannot gain access because it cannot obtain access credentials, as shown by the red line in Fig. 4.
Step 10 SDP AH ent, which is directly connected to SDP IH, continuously evaluates the trust of its behavior during the visit. If its trust value is still above the trust threshold when the temporary access credentials of SDP IH expire, it is allowed to renew its credit lease and its credentials are extended; otherwise, the corresponding mTLS connection is closed and can only be restored after re-verification by the SDP controller.

SbSR trust enhancement management mechanism. As the basis of the SbSR model, the SDP trust enhancement architecture is essentially a zero-trust architecture whose core is trust enhancement management. To consider trust fully, some common attack styles are defined first.
Definition 1 Switch attack. An attack in which malicious nodes alternate between benign and malicious actions to confuse security checks.
Definition 2 Masquerade attack. An attack in which malicious nodes hide their malicious behavior from the detection rules during verification, and execute the malicious behavior once verification has passed.
Definition 3 Unknown attack. An attack whose pattern is unknown and which the existing verification rules cannot match.
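The access process of Steps 3 to 10 above (default drop-all at the SDP AH, SPA knocks forwarded to the SDP controller, credentials issued only for the SDP AHs whose threshold the trust value meets, and lease renewal or revocation at expiry) can be exercised end to end with the following Python. It is an added example, not the paper's code: the SPA packet layout (an HMAC over N-agent id, timestamp and nonce, with a freshness window and a replay cache of nonces), the per-AH thresholds 0.5 and 0.8, the lease length and the hypothetical key `b"k1"` are all constructed assumptions; the initial trust equal to the AH ent threshold follows the paper's Method 1.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Per-AH trust thresholds Th_m (constructed values): entering the SR domain
# needs less trust than reaching a service resource behind AH_ser.
THRESHOLDS = {"AH_ent": 0.5, "AH_ser": 0.8}
SPA_WINDOW = 30.0   # seconds a knock stays fresh (assumption)
LEASE = 60.0        # credential validity in seconds (assumption)


@dataclass
class Credential:
    ih: str
    ah_list: Tuple[str, ...]
    expires: float
    trust: float


def _tag(key: bytes, body: dict) -> str:
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def make_spa(ih: str, key: bytes, ts: float, nonce: str) -> dict:
    """SPA knock: N-agent id, timestamp, nonce and an HMAC over them.
    The layout is an assumption, not the paper's SPA format."""
    body = {"ih": ih, "ts": ts, "nonce": nonce}
    return {"type": "SPA", **body, "tag": _tag(key, body)}


class SdpController:
    def __init__(self, ih_keys: Dict[str, bytes]):
        self.ih_keys = ih_keys                       # shared SPA keys per N-agent
        self.seen: Set[Tuple[str, str]] = set()      # replay cache of (ih, nonce)

    def authenticate(self, spa: dict, now: float) -> Optional[Credential]:
        """Steps 6-7: verify the knock, then authorise the AH list the initial
        trust value (Method 1: Th of AH_ent) qualifies for."""
        key = self.ih_keys.get(spa.get("ih"))
        if key is None:
            return None
        body = {k: spa[k] for k in ("ih", "ts", "nonce")}
        if not hmac.compare_digest(_tag(key, body), spa.get("tag", "")):
            return None
        if abs(now - spa["ts"]) > SPA_WINDOW or (spa["ih"], spa["nonce"]) in self.seen:
            return None                              # stale or replayed knock
        self.seen.add((spa["ih"], spa["nonce"]))
        trust = THRESHOLDS["AH_ent"]
        ah_list = tuple(ah for ah, th in THRESHOLDS.items() if trust >= th)
        return Credential(spa["ih"], ah_list, now + LEASE, trust)


class AcceptingHost:
    def __init__(self, name: str, controller: SdpController):
        self.name, self.controller = name, controller
        self.allowed: Dict[str, Credential] = {}

    def receive(self, pkt: dict, now: float) -> str:
        """Default drop-all: only SPA knocks are examined (and forwarded to the
        controller); any other packet is dropped unless its sender holds a
        live credential that names this AH."""
        if pkt.get("type") == "SPA":
            cred = self.controller.authenticate(pkt, now)
            if cred and self.name in cred.ah_list:
                self.allowed[cred.ih] = cred
                return "authorised"
            return "dropped"
        cred = self.allowed.get(pkt.get("ih"))
        return "accepted" if cred and now < cred.expires else "dropped"

    def renew(self, ih: str, trust: float, now: float) -> bool:
        """Step 10: at expiry, extend the lease only while evaluated trust still
        meets Th_m; otherwise revoke, forcing re-verification by the controller."""
        cred = self.allowed.get(ih)
        if cred is None:
            return False
        if trust >= THRESHOLDS[self.name]:
            cred.trust, cred.expires = trust, now + LEASE
            return True
        del self.allowed[ih]
        return False


if __name__ == "__main__":
    ctrl = SdpController({"ih-1": b"k1"})
    ah_ent = AcceptingHost("AH_ent", ctrl)
    print(ah_ent.receive({"type": "data", "ih": "ih-1"}, 1000.0))     # dropped
    print(ah_ent.receive(make_spa("ih-1", b"k1", 1000.0, "n1"), 1001.0))  # authorised
    print(ah_ent.receive({"type": "data", "ih": "ih-1"}, 1005.0))     # accepted
```

The split between `THRESHOLDS["AH_ent"]` and `THRESHOLDS["AH_ser"]` is what makes the two-level control visible: a freshly admitted N-agent gets a credential naming only AH_ent, so the same valid knock presented to AH_ser is still dropped until its evaluated trust is renewed above 0.8.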
User ID code, device ID code, and SDP AH trust threshold. The SDP controller evaluates the trust of SDP IH, mainly considering the trust value of its corresponding N-agent, which includes user trust and device trust. We set two-level ID codes for users and devices at different granularities. The primary ID code of user i, shown in formula (4), is used to encrypt and identify different user IDs in the SR domain; the secondary ID code, shown in formula (5), is used to identify the instantaneous identities of different users, where timestamp is the time stamp, accurate to seconds, which supplies a time factor for user identities. The primary ID code of device j, shown in formula (6), is used to encrypt and identify different devices in the SR domain; the secondary ID code, shown in formula (7), is used to identify the different interfaces of different devices.
In formulas (4) and (5), Key_seed is preset by the administrator in the authentication component of the application plane and cannot be read; it can only be verified through a "challenge-response" mechanism, and users can hold it in dedicated authentication accessory hardware or by human memory (in fact, even if Key_seed leaks, this does not fundamentally endanger the security of the SR domain). ID_i is the unique ID of user i, such as the 18-digit ID number, and the identity of the user should be verified by biometrics in a qualified verification environment; IP_j, MAC_j and Interface^k_j are the IP address that device j uses for access, the MAC address of the corresponding network card and the k-th interface, respectively.
At the same time, a trust threshold is set for every SDP AH in the domain; the trust threshold of SDP AH m is denoted Th_m.
Trust initial value, trust evaluation, trust renewal, and trust inheritance mechanism. In the zero-trust architecture, no subjective default trust is granted to any user or device. To improve service performance and reduce the workload of trust granting while still ensuring the security of the SbSR architecture, the granularity of trust management must be balanced against its overhead. Therefore, referring to the historical performance of network agents, 4 mechanisms are set up: initial trust value, trust evaluation, trust renewal, and trust inheritance. The initial trust mechanism grants initial trust to a network agent the first time; the trust evaluation mechanism obtains the current trust by evaluating the behavior of the network agent in real time after it accesses the network; the trust renewal mechanism allows a normal network agent to renew its trust after accessing the network and extends the validity period of its access credentials; the trust inheritance mechanism allows a new network agent associated with an existing network agent to inherit part of the latter's trust value when entering the network.
Trust initial value mechanism. To cancel default trust, users and devices whose primary ID code is not recorded in the authentication component are granted the default trust value of 0. When granting initial trust to a new network agent, on the one hand, multi-factor authentication information such as the firewall version and open ports of the network agent's own device is difficult to transmit in a single SPA package; on the other hand, a malicious network agent may intentionally upload "perfect information" or cheat the SDP controller through replay attacks. Therefore, before a network agent accesses the SR network, it is forced to access the network agent authentication component of the application plane in advance, and the latter reads its security information items and enters them into the network agent security information database. Table 3 lists some items of network agents' security information.
When the network agent requests the SDP controller to verify its identity, the SDP controller uses the primary ID codes of the user and device contained in its SPA package to look it up in the network agent security information base, and calls external information sources to check whether there is any record of malicious behavior by the corresponding user or device. There are 2 ways to grant initial trust here. Method 1: directly grant the minimum access right of the domain to nodes that, after investigation, have no malicious history and complete identity information, that is, grant them the access certificate set Cert_A for the SDP AH list AH_A whose trust thresholds they meet, together with the validity period t^CERT_{IH0_i} of the certificate Cert_{IH0_i}, where AH_A and Cert_A are shown in formulas (8) and (9) respectively; then evaluate their trust based on their real-time behavior. Nodes with a record of malicious acts are not authorized. This method achieves fast authorization, but its disadvantage is that it demands a highly real-time and secure trust evaluation algorithm.
Method 2: SDP controller uses its trust calculation engine to grant the 3-level evaluation coefficient α, β, γ satisfying formula (10) to the first, second, and third-level indexes of network agent security information items, then check and calculate network agent's trust value item by item based on all security information items, and grants initial trust to nodes satisfying formula (11) if there is no malicious behavior record, but this method cannot cope with the masquerade attack and unknown attack.
In this paper, method 1 is adopted to grant initial trust, that is, after examination the initial trust value Th_{SDPAH_ent} is directly granted to the node, so that it can just access the routers in the domain. This is because "forward-looking" unknown attacks are difficult to avoid fundamentally, while "backward-looking" evaluation of the historical behavior of nodes is relatively easy to realize.
Trust evaluation mechanism. The historical behavior of the access node is evaluated in real time, and normal behavior is defined as: the packets sent by SDP IH are neither SR label probe packets nor SR label loop packets, and the received messages are faithfully forwarded 37. Therefore, 4 indexes are introduced 38: benign message ratio, loyal forwarding ratio, packet rate stationarity coefficient, and forwarding ratio stationarity coefficient.
Index 1 Benign message ratio. The proportion of messages sent by the node that are neither SR label probe packets nor label loop packets.
Index 2 Loyal forwarding ratio. The proportion of the messages that a node should forward which it actually forwards.
Index 3 Forwarding ratio stationarity coefficient. The stationarity of the node's loyal forwarding ratio sequence (measured with the grey prediction model).
Index 4 Packet rate stationarity coefficient. The stationarity of the sequence of traffic rates sent by the node into the SR network (measured with the grey prediction model).
First of all, to consider index 1, SDP AH needs to check whether the MPLS top labels of the packets it receives follow a quantitative relationship such as monotonically increasing or decreasing values, and judge from this whether they are SR label probe packets: label probing usually proceeds hop by hop, incrementing the MPLS label to discover unknown labels, so the labels in the MPLS headers of probe packets necessarily bear a definite quantitative relationship to one another.
In addition, SDP AH needs to judge whether there is a label loop in the received MPLS header. Because a label loop cannot be identified solely from duplicate labels in the MPLS label stack, SR topology information would be needed, which is beyond the capability of SDP AH. Here, the negative feedback of a bandwidth decrease is used instead to consider whether routing loop attack packets are present: when the available bandwidth of the SR network decreases, it is judged whether loop packets exist, and then, by tracing the source IP of the loop packets, whether the node is sending routing loop attack packets. A node whose index 1 is lower than 1 is penalized in trust, and if it continues to send SR label probe packets or routing loop packets, its access connection is blocked.
Secondly, to consider indexes 2 and 3, the communication period from the establishment of the mTLS connection to the evaluation time is regarded as the evaluation interval T, which is divided into t segment evaluation intervals. A normal SDP IH is considered to forward data faithfully with high probability (not less than 0.5), while a malicious SDP IH is unfaithful, that is, it forwards data normally with low probability (less than 0.5). If the number of messages that SDP IH should forward in the j-th segment evaluation interval is f_1 and the number actually forwarded is f_2, the loyal forwarding ratio of the SDP IH in this evaluation interval is calculated as shown in formula (12) 37.
While maintaining normal forwarding, an SDP IH node carrying out a DoS attack maliciously increases the traffic it sends to SDP AH, and at that point F^j_{AH,IH} cannot serve as a valid index of the node's malicious behavior. Therefore index 4 must be considered, that is, the stationarity of the outbound forwarding traffic rate sequence V_{AH,IH} from SDP IH to SDP AH over the t segment evaluation intervals is measured. According to the grey prediction model, the defined ratio sequence ε and the packet rate stationarity coefficient µ are shown in formulas (13) and (14) respectively, and those ε_i satisfying formula (15) are regarded as fluctuation values 37.
To distinguish normal high-volume data transmission from a malicious denial of service attack, the bandwidth of whichever of the service resource Server and the SDP controller has the lowest service performance (measured by bandwidth) is set here as min(Server|SDP_C). Once expression (16) is satisfied, the traffic is treated as a DoS attack: the network connection of this SDP IH is immediately cut off, its access credentials are cleared, and its behavior is recorded in the network agent security information base.
If the number of interactive messages between nodes in the evaluation interval T is too small, the calculated loyalty forwarding ratio of SDP IH will have a large error; therefore, an interaction function δ(n) is introduced. In its design, arctan(n), which increases monotonically with the number of interactive messages n and gradually approaches π/2, is rescaled as shown in formula (17) [37] so that it approaches 1 as n increases, and it is used to adjust F^j_{AH,IH}.
After adjustment, when n is not 0, F^j_{AH,IH} is given by formula (18), where F_0 is the default forwarding ratio of SDP IH, that is, the initial message forwarding ratio when there has been no interaction with SDP AH; when n is 0, F^j_{AH,IH} is given by formula (19).
At this point the SDP IH loyalty forwarding ratio sequence F over the available t segment evaluation intervals can be calculated and used to predict F^{t+1}_{AH,IH}. Provided that formula (16) is not satisfied, F^{t+1}_{AH,IH} is taken as the trust value currently evaluated by SDP AH from the historical performance of SDP IH, that is, the trust value given to the node equals its loyalty forwarding degree. The sequence F and the ratio sequence τ derived from F are shown in formulas (20) and (21).
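As an added illustration (not code from the paper), the following Python sketch computes the loyalty forwarding ratio per segment, the arctan-based interaction function δ(n) rescaled to approach 1, and the adjusted ratio that falls back to the default F_0 when there is no interaction. Because formulas (12) and (17)-(19) are not reproduced on the page, the concrete forms used here (f_2/f_1 for the raw ratio, (2/π)·arctan(n) for δ(n), a δ-weighted blend of the raw ratio with F_0, and F_0 = 0.5) and the sample message counts are assumptions.

```python
import math

# Assumed forms: the paper's formulas (12), (17), (18) and (19) are not on the page.
F0_DEFAULT = 0.5   # assumed default forwarding ratio F_0 for an IH with no interaction history


def loyalty_ratio(expected, forwarded):
    """Raw loyalty forwarding ratio f_2 / f_1 for one segment (assumed form of formula (12))."""
    if expected <= 0:
        raise ValueError("expected message count must be positive")
    return min(forwarded, expected) / expected


def interaction_weight(n):
    """delta(n): arctan(n) rescaled by 2/pi so it rises from 0 toward 1 (assumed form of (17))."""
    return (2.0 / math.pi) * math.atan(n)


def adjusted_loyalty_ratio(expected, forwarded, f0=F0_DEFAULT):
    """Adjusted ratio: weight the observed ratio by delta(n) and lean on F_0 while n is small;
    with n == 0 there is nothing to observe, so F_0 is returned (assumed forms of (18)/(19))."""
    n = expected
    if n == 0:
        return f0
    d = interaction_weight(n)
    return d * loyalty_ratio(expected, forwarded) + (1.0 - d) * f0


def loyalty_sequence(segments, f0=F0_DEFAULT):
    """Sequence F over t segments; each segment is (messages expected, messages forwarded)."""
    return [adjusted_loyalty_ratio(e, f, f0) for e, f in segments]


def classify(segments, threshold=0.5, f0=F0_DEFAULT):
    """Compare the latest adjusted ratio with the AH trust threshold (0.5 here, as for SDP AH_ent)."""
    seq = loyalty_sequence(segments, f0)
    return "normal" if seq[-1] >= threshold else "malicious"


# Constructed samples: six evaluation segments for a faithful IH and for an unfaithful one.
NORMAL_IH = [(0, 0), (2, 2), (50, 49), (200, 198), (400, 400), (380, 376)]
MALICIOUS_IH = [(0, 0), (10, 3), (60, 20), (250, 90), (300, 100), (310, 110)]

if __name__ == "__main__":
    for name, segs in (("normal", NORMAL_IH), ("malicious", MALICIOUS_IH)):
        print(name, [round(v, 3) for v in loyalty_sequence(segs)], "->", classify(segs))
```

Note how the second segment of the normal IH (2 of 2 messages forwarded) yields an adjusted ratio of about 0.85 rather than 1.0: with only two interactions, δ(n) keeps the estimate partly anchored to F_0, which is exactly the small-sample error damping the interaction function is meant to provide.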
Considering that malicious nodes may use switch attacks to mislead prediction based on SDP IH historical behavior, whether a switch attack exists is judged from the sequence F. Under a switch attack, the sequence F undergoes an overall migration with each fluctuation. The fluctuations in the sequence are therefore divided into accidental fluctuations, after which the sequence quickly returns to normal, and migration fluctuations, which shift the overall numerical distribution of the sequence. To separate the fluctuation values from the sequence F, the forwarding ratio stationarity coefficient θ is defined on the ratio sequence τ as shown in formula (22), following the grey prediction model as in formula (14).
The value τ_l satisfying formula (23) is regarded as a fluctuation value.
The sequence consisting of all fluctuation values is recorded as the fluctuation sequence W, and the sequence τ with the fluctuation values removed is recorded as τ′. To measure the increment caused by each fluctuation of the series, a sign variable indexed by t is introduced that satisfies expression (24).
If all fluctuation values in the fluctuation sequence W are migration fluctuations and 1 and −1 appear alternately in that sign sequence, SDP IH is likely to be carrying out a switch attack. It is then determined to be a malicious node, judged untrusted, and its behavior is entered into the network agent security information base.
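The following added Python example (not the paper's code) serves two passages at once: the packet rate stationarity check of index 4 with the DoS condition of formula (16), and the fluctuation classification and switch-attack test on the forwarding ratio sequence F described above. It shares one helper for the ratio sequence, the stationarity coefficient and the fluctuation rule. Because formulas (13)-(16) and (22)-(24) are not reproduced on the page, the concrete definitions are assumptions: the ratio sequence is x_{i-1}/x_i, the stationarity coefficient is the mean of |ln ε_i|, a step is a fluctuation when |ln ε_i| exceeds twice that coefficient, a fluctuation is "accidental" if the series returns to its previous level one step later and "migration" otherwise, and the DoS multiplier 1.8 is inferred from the page's later test figures (10 Mbps cap, 18 Mbps threshold). The sample sequences are constructed.

```python
import math

# Assumed parameters and functional forms (see lead-in); not the paper's exact definitions.
FLUCTUATION_FACTOR = 2.0   # a step is a fluctuation when |ln eps_i| > 2 * coefficient (assumed)
DOS_FACTOR = 1.8           # inferred from the page's 10 Mbps cap -> 18 Mbps DoS threshold (assumed)


def ratio_sequence(x):
    """Grey-model style ratio sequence eps_i = x[i-1] / x[i] (assumed form of formulas (13)/(21))."""
    if any(v <= 0 for v in x):
        raise ValueError("rates and ratios must be positive")
    return [x[i - 1] / x[i] for i in range(1, len(x))]


def stationarity_coefficient(eps):
    """mu (for V) or theta (for F): mean |ln eps_i|, the average relative step (assumed form of (14)/(22))."""
    return sum(abs(math.log(e)) for e in eps) / len(eps)


def fluctuations(x):
    """Return [(i, kind, sign)] for every step i whose ratio deviates by more than
    FLUCTUATION_FACTOR * coefficient (assumed rule for (15)/(23)). kind is 'accidental' if the
    series returns to its previous level at i+1, 'migration' if it stays at the new level;
    the recovery step after an accidental fluctuation is not counted as a second fluctuation."""
    eps = ratio_sequence(x)
    limit = FLUCTUATION_FACTOR * stationarity_coefficient(eps)
    found, skip = [], -1
    for i, e in enumerate(eps, start=1):          # e describes the step x[i-1] -> x[i]
        if i == skip or abs(math.log(e)) <= limit:
            continue
        sign = 1 if x[i] > x[i - 1] else -1       # the +1 / -1 increment variable of (24)
        if i + 1 >= len(x):
            kind = "unresolved"                   # last step: no following value to compare
        elif abs(x[i + 1] - x[i - 1]) < abs(x[i + 1] - x[i]):
            kind, skip = "accidental", i + 1
        else:
            kind = "migration"
        found.append((i, kind, sign))
    return found


def is_switch_attack(f_seq):
    """Switch attack: every fluctuation in F is a migration and their signs alternate."""
    fl = fluctuations(f_seq)
    if len(fl) < 2 or any(kind != "migration" for _, kind, _ in fl):
        return False
    signs = [s for _, _, s in fl]
    return all(signs[k] != signs[k - 1] for k in range(1, len(signs)))


def is_dos(rate_mbps, min_bandwidth_mbps):
    """Stand-in for formula (16): outbound rate above DOS_FACTOR * min(Server | SDP_C) bandwidth."""
    return rate_mbps > DOS_FACTOR * min_bandwidth_mbps


# Constructed samples: per-segment rate in Mbps, and per-segment loyalty ratios.
V_DOS = [1.0, 1.1, 0.9, 1.0, 22.0, 23.0]                                    # sudden, sustained surge
F_SWITCH = [0.95, 0.94, 0.95, 0.40, 0.41, 0.40, 0.93, 0.94, 0.95, 0.42, 0.41]  # on/off behaviour
F_NORMAL = [0.95, 0.96, 0.60, 0.95, 0.96, 0.97]                             # one accidental dip

if __name__ == "__main__":
    print("V_DOS fluctuations:", fluctuations(V_DOS), "DoS:", is_dos(V_DOS[-1], 10.0))
    print("F_SWITCH switch attack:", is_switch_attack(F_SWITCH))
    print("F_NORMAL fluctuations:", fluctuations(F_NORMAL), "switch attack:", is_switch_attack(F_NORMAL))
```

Using |ln ε_i| rather than |ε_i − 1| keeps an upward jump and the matching downward jump equally weighted, which matters for the switch-attack test: a ratio of 0.40/0.93 deviates as much as 0.93/0.40 does.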
After the possibility of a switch attack is excluded, F^{t+1}_{AH,IH} is predicted from the sequence F, specifically with the SCGM (1,1) weighted Markov prediction model. Depending on whether F^t_{AH,IH}, the value in the evaluation interval nearest to F^{t+1}_{AH,IH}, is an accidental fluctuation, F^{t+1}_{AH,IH} is calculated as follows [37]: (1) If F^t_{AH,IH} is an accidental fluctuation, F^{t+1}_{AH,IH} differs considerably from F^t_{AH,IH} but is close to the non-fluctuation values in the series, so it is predicted directly by the SCGM (1,1) weighted Markov prediction model, as shown in formula (25).
(2) If F^t_{AH,IH} is a non-fluctuation value or a migration fluctuation, F^{t+1}_{AH,IH} is close to F^t_{AH,IH}, and is predicted from both the above prediction model and F^t_{AH,IH}, as shown in formula (26).
Through the above evaluation process, the real-time trust of SDP IH is obtained, as shown in formula (27).
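An added Python example (not the paper's code) of the two prediction cases. The paper's SCGM (1,1) weighted Markov model and formulas (25)-(27) are not reproduced on the page, so a plain GM(1,1) grey forecast is used here as a stand-in; the case (2) blend (equal weights on the model forecast and F^t) and the rule that case (1) drops the accidental outlier before fitting are also assumptions. The caller supplies whether the last value was an accidental fluctuation, which is what the preceding fluctuation analysis determines.

```python
import math


def gm11_predict_next(x0):
    """One-step-ahead GM(1,1) forecast of a positive series (stand-in for the paper's
    SCGM(1,1) weighted Markov model, which is not reproduced on the page)."""
    n = len(x0)
    if n < 4 or any(v <= 0 for v in x0):
        raise ValueError("need at least 4 positive observations")
    x1 = [sum(x0[:k + 1]) for k in range(n)]                 # accumulated generating sequence
    z1 = [0.5 * (x1[k] + x1[k - 1]) for k in range(1, n)]    # background values
    y = x0[1:]
    m = n - 1
    # Least squares for (a, b) in x0(k) + a * z1(k) = b, solved from the normal equations.
    s_z = sum(z1)
    s_zz = sum(z * z for z in z1)
    s_y = sum(y)
    s_zy = sum(z * v for z, v in zip(z1, y))
    det = m * s_zz - s_z * s_z
    a = (s_z * s_y - m * s_zy) / det
    b = (s_zz * s_y - s_z * s_zy) / det
    if abs(a) < 1e-12:                                       # flat series: forecast the mean
        return s_y / m
    c = b / a
    x1_hat = lambda k: (x0[0] - c) * math.exp(-a * k) + c    # time response of the model
    return x1_hat(n) - x1_hat(n - 1)                         # inverse accumulation


def predict_trust(f_seq, last_is_accidental, weight=0.5):
    """F^{t+1}: case (1) uses the model alone on the series without the accidental outlier;
    case (2) blends the model forecast with F^t (weights are an assumption). Clamped to [0, 1]."""
    if last_is_accidental:
        pred = gm11_predict_next(f_seq[:-1])
    else:
        pred = weight * gm11_predict_next(f_seq) + (1.0 - weight) * f_seq[-1]
    return max(0.0, min(1.0, pred))


# Constructed loyalty ratio sequences: a steadily faithful IH, and the same IH after one dip.
F_STEADY = [0.90, 0.91, 0.92, 0.93, 0.94]
F_DIPPED = F_STEADY + [0.30]

if __name__ == "__main__":
    print("steady, case (2):", round(predict_trust(F_STEADY, False), 4))
    print("dipped, case (1):", round(predict_trust(F_DIPPED, True), 4))
```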
Trust renewal mechanism. When the SDP IH access credentials expire, if its real-time trust value is higher than the trust threshold of a certain SDP AH, it is allowed to renew trust credentials equivalent to that SDP AH. The trust value of SDP IH, TV^i_{IH}(l), is then a function of the number of renewal rounds l. Its trust should increase with l while the gain brought by each renewal round decreases, the total gain brought by renewal should not exceed 1/2, and the total trust value should not exceed 1, as shown in formula (28). Two commonly used convex growth functions, y1 and y2, satisfy these conditions. Here the exponential function is chosen, and the growth mechanism of the trust value TV^i_{IH}(l) is designed as shown in formulas (29) and (30).
At the same time, to guard against unknown threats that the above 4 indexes fail to detect, SDP IH is not allowed to renew its lease indefinitely. Therefore, from the first renewal round, an attenuation factor p that increases with the network access time t is applied to the trust value of SDP IH; it acts only on the historical trust carried over from the previous renewal round. If the temporary access credentials are valid for a period k, the trust attenuation function is set as shown in formula (31).
Finally, bad operations of SDP IH that are not measured by indexes 1-4, such as logging in with wrong access credentials, are punished, and the negative feedback accumulates on its trust value. The first negative feedback should be small (because the maximum trust degree is 1, the first negative feedback is set to less than 0.1 here) and should increase gradually as negative feedback accumulates; by modifying the function y1 according to these requirements, the trust penalty function is set as shown in formula (32), in which m is the number of bad operations.
The attenuation factor and the penalty factor are added to formula (29), and the corrected forms are shown in formulas (33) and (34).
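An added Python example (not the paper's code) that puts the three pieces of the renewal mechanism together and checks the stated constraints: diminishing exponential renewal gain bounded by 1/2, an attenuation factor that grows with access time and acts only on the carried-over trust, and a penalty whose first value is below 0.1 and grows with the number of bad operations m. Formulas (28)-(34) are not reproduced on the page, so the exact forms here (gain 0.5·(1 − e^{−0.7·l}), attenuation p(t) = 1 − e^{−t/(4k)}, per-operation penalty 0.02·m) and the port-scan-style scenario at the end are assumptions.

```python
import math

# Assumed constants for the illustrative functional forms (see lead-in).
RENEWAL_RATE = 0.7        # lambda in the exponential renewal gain
ATTENUATION_SCALE = 4.0   # attenuation time constant is ATTENUATION_SCALE * k
PENALTY_STEP = 0.02       # per-operation penalty grows linearly with m; first penalty 0.02 < 0.1


def renewal_gain(l):
    """Gain after l renewal rounds: 0.5 * (1 - exp(-lambda * l)).
    Each round adds less than the previous one and the total never exceeds 1/2 (formula (28))."""
    return 0.5 * (1.0 - math.exp(-RENEWAL_RATE * l))


def attenuation_factor(t, k):
    """p(t): grows from 0 with network access time t; k is the credential validity period (stand-in for (31))."""
    return 1.0 - math.exp(-t / (ATTENUATION_SCALE * k))


def penalty(m):
    """Negative feedback for the m-th bad operation (stand-in for (32))."""
    return PENALTY_STEP * m


def cumulative_penalty(m):
    """Accumulated negative feedback after m bad operations."""
    return sum(penalty(i) for i in range(1, m + 1))


def corrected_trust(tv_hist, l, t, k, m):
    """Stand-in for (33)/(34): attenuated carried-over trust + renewal gain - accumulated penalty,
    clamped to [0, 1]. Only the historical trust tv_hist is attenuated, as the text specifies."""
    tv = tv_hist * (1.0 - attenuation_factor(t, k)) + renewal_gain(l) - cumulative_penalty(m)
    return max(0.0, min(1.0, tv))


def bad_operations_until_blocked(start_trust, threshold):
    """How many bad operations (e.g. repeated wrong credentials or probe packets) it takes
    before accumulated penalties push trust below the AH threshold. Constructed scenario."""
    m = 0
    while start_trust - cumulative_penalty(m) >= threshold:
        m += 1
    return m


if __name__ == "__main__":
    for l in range(0, 6):
        print(f"round {l}: gain {renewal_gain(l):.4f}")
    print("renewed trust, fresh:", round(corrected_trust(0.6, 1, 0, 60, 0), 4))
    print("renewed trust, aged :", round(corrected_trust(0.6, 1, 60, 60, 0), 4))
    print("bad operations until below 0.5:", bad_operations_until_blocked(1.0, 0.5))
```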
If the trust of an SDP IH is degraded due to excessive malicious behavior, the user is suspended from using his Key seed to prevent his subsequent application for authentication; at the same time, the malicious packets such as loop packets and probe packets in the network will be cleared.
Trust inheritance mechanism. To realize a "quick start" and speed up the access of network agents to service resources, a trust inheritance mechanism is set up. A user whose primary ID code is recorded in the network agent with no malicious behavior record is regarded as an "old user". After the initial trust is granted to the user, the trust value of the network agent corresponding to the user's secondary ID code in the recent time interval is consulted and multiplied by a unified user confidence factor ν to give the network agent a trust value increment, as shown in formula (35). The user confidence factor ν is determined by the trust performance of all users in the network in the recent period, so that the network agent can reduce verification moderately, as shown in formula (36), where the function in formula (36) determines the user confidence factor.
A device whose primary ID code is recorded but whose secondary ID code is not recorded in the network agent is regarded as an "old device" with a "new port". After the initial trust is granted to it, the trust value of the network agent is incremented by the minimum trust value among the ports through which the device has connected to the network, multiplied by the uniform device confidence factor σ, as shown in formula (37). σ is determined by the trust performance of all access devices in the network in the recent period, as shown in formula (38), where the function in formula (38) determines the device confidence factor.
If the secondary ID code of the device has been recorded in the network agent, the device is regarded as an "old device" using an "old port". After the initial trust value is granted to the device, the trust value the device held when it last maintained a normal connection through this port is consulted, multiplied by the device confidence factor σ, and added as an increment to the trust value of the network agent, as shown in formula (39).
SPA package settings. To reduce the network attack surface, the SPA package adopts a connectionless UDP packet [39] by default, as shown in Fig. 7a and b respectively. When SDP IH requests the SDP controller to verify its identity, the SPA packet payload includes its 32-byte identity information (the 16-byte primary ID code of the user and the 16-byte primary ID code of the device), a timestamp used to prevent replay attacks, 16 bytes of random data, and a message digest HMAC. After the SDP controller issues the private key used to verify the access credentials of SDP IH to SDP AH, and then issues the access credentials carried by the certificate and the public key of SDP AH to SDP IH, SDP IH requests verification from SDP AH with an SPA package whose payload is the certificate, identity information, timestamp, 16 bytes of random data and the corresponding HMAC, encrypted with the public key. SDP AH uses its private key to decrypt and verify the validity of the certificate. The HMACs attached to the two kinds of SPA package are shown in formulas (40) and (41) respectively.
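An added Python example (not the paper's or fwknop's code) of building and verifying the first kind of SPA packet described above: 16-byte user ID, 16-byte device ID, timestamp, 16 random bytes and an HMAC, with the verifier checking the HMAC in constant time, rejecting stale timestamps, and rejecting a reused nonce. Formulas (40) and (41) are not reproduced on the page, so the field order, the 8-byte timestamp encoding, HMAC-SHA256 as the digest, the 30 s freshness window and the shared key are assumptions; the ID codes and key are constructed values.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed values for the example; not identifiers from the paper.
USER_ID = b"\x01" * 16                                  # 16-byte primary ID code of the user
DEV_ID = b"\x02" * 16                                   # 16-byte primary ID code of the device
SHARED_KEY = b"constructed-spa-key-for-example-only"    # assumed IH/controller shared secret
REPLAY_WINDOW_S = 30                                    # assumed timestamp freshness window
PACKET_LEN = 16 + 16 + 8 + 16 + 32                      # ids + timestamp + nonce + HMAC-SHA256


def build_spa(user_id, device_id, key, now=None, nonce=None):
    """Assemble identity || timestamp || nonce || HMAC (assumed layout for formula (40))."""
    ts = int(time.time() if now is None else now)
    nonce = os.urandom(16) if nonce is None else nonce
    body = user_id + device_id + struct.pack("!Q", ts) + nonce
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return body + mac


def verify_spa(packet, key, now=None, seen_nonces=None):
    """Controller-side check. Returns (ok, reason). The HMAC is checked first so that a
    tampered timestamp or identity is rejected before any field is interpreted."""
    if len(packet) != PACKET_LEN:
        return False, "bad length"
    body, mac = packet[:-32], packet[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):            # constant-time comparison
        return False, "bad hmac"
    ts = struct.unpack("!Q", body[32:40])[0]
    nonce = body[40:56]
    now = int(time.time() if now is None else now)
    if abs(now - ts) > REPLAY_WINDOW_S:                   # replay protection via timestamp
        return False, "stale timestamp"
    if seen_nonces is not None:                           # replay protection within the window
        if nonce in seen_nonces:
            return False, "replayed nonce"
        seen_nonces.add(nonce)
    return True, "ok"


if __name__ == "__main__":
    seen = set()
    pkt = build_spa(USER_ID, DEV_ID, SHARED_KEY)
    print(verify_spa(pkt, SHARED_KEY, seen_nonces=seen))   # first arrival is accepted
    print(verify_spa(pkt, SHARED_KEY, seen_nonces=seen))   # identical copy is a replay
```

The second kind of SPA packet (certificate plus the same fields, encrypted under the SDP AH public key) adds a decryption step in front of the same HMAC, timestamp and nonce checks; the verifier logic above is what sits behind it.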
SbSR overhead analysis. The security overhead of the SDP access control mechanism introduced by SbSR model can be divided into four parts: component activation, access control, credential verification, and component synchronization, which are measured by time delay.
Component activation overhead. Refers to the time taken by all SDP components from activation to service start after joining the SR domain; it is incurred once for all components.
Referring to the open-source SDP implementation example, this process takes seconds.
Access control overhead. Refers to the cost of access control for network agents accessing the network, which is divided into four aspects: initial trust evaluation, trust evaluation, trust renewal, and inheritance evaluation. In the initial trust evaluation, the primary ID codes of the user and the device must each be matched as 16-byte values against the malicious behavior records of users and devices. If the number of users accessing the network is n, the number of devices is m, and the trust engine can match k 16-byte records per millisecond, then because formula (42) holds in the network, the delay cost is far less than 1 ms and can be ignored. In trust evaluation, the trust engine component in SDP AH_ent evaluates at every evaluation interval t (set to less than 1 s); the evaluation runs synchronously with network forwarding and takes less than t, so its magnitude is sub-second. In trust renewal, real-time trust only needs to be computed one by one for the n_{N-agent} network agents whose trust credentials expire in each round; since the number of network agents satisfies formula (43), this delay is less than that of trust evaluation and is also sub-second. In trust inheritance, only the users and devices of the network agent need to be matched, so the delay is again less than 1 ms.

Credential verification overhead.
Refers to the cost of SDP AH verifying the access credentials provided by SDP IH, that is, using the public key to verify a few 16-byte certificates, which takes far less than 1 ms and can be ignored.
Component synchronization overhead. Refers to the synchronization delay between the control plane SR PCE/SDN controller and the SDP controller, and between the two levels of SDP AH in the data plane. Because only state data needs to be transmitted, this delay is less than the access control delay. As shown in Fig. 8, because access control, credential verification, and component synchronization run in parallel, the impact of the four types of incremental delay of the SbSR model on the network depends on the sum of the component startup delay and the maximum of the other three delays within a given system cycle. From the above analysis, this delay is of the order of seconds. In addition, an SDP IH can obtain the access credentials of multiple SDP AHs by requesting authorization from the SDP controller once, and one SDP AH can protect multiple service resources: after SDP IH obtains access to an SDP AH, it can use the same access ticket to access multiple resources, which avoids further overhead, so the security overhead introduced by SbSR is acceptable.

Simulation test and analysis
Simulation environment. The simulation is built with EVE-NG. In the data plane, the fwknop module (used to implement the SPA authorization protocol) is deployed in virtual machine VM3 as SDP IH; the fwknop module and the iptables 1.8 firewall are deployed in VM4 and VM6 as SDP AH_ent and SDP AH_ser respectively; VM5 is set up as the MITM attacker; and VM7, which runs a Web service, serves as the service resource. The switching network consists of SR routers R1, R2, and R3, directly interconnected with the other virtual machines in the EVE-NG simulation topology, with SIDs configured as 16,001, 16,002, and 16,003. The trust management mechanism is implemented on the SDP controller and other open-source components. The trust threshold is set to 0.5 for SDP AH_ent and to 0.8 for SDP AH_ser. The Iperf3.1 tool injects network background traffic slowly at an average rate of 1 Mbps. The experimental environment configuration is shown in Table 4 and the topology in Fig. 9, in which the IP addresses of the R1, R2 and R3 interfaces facing the control plane network elements, omitted for brevity, can be inferred from the IPs of those control plane elements; VM5, the Switch and the links marked by the yellow dotted line are used only for testing and are not enabled by default.

Safety function and performance overhead test.
For the security function tests, the SDP components in the experimental topology are disabled and enabled in turn to compare the SbSR scheme with the baseline SR scheme and test the security functions of the proposed architecture. The first is the port scanning test: the service ports of VM7 are scanned from VM3 with the hping3 3.0.0 tool.
Second, the traffic monitoring test: the direct link between VM6 and VM7 is cut, VM5, the Switch and the communication links marked by the yellow dotted line are enabled, and a man-in-the-middle attack is launched from VM5, which is in the same subnet as VM6 and VM7, that is, the traffic path is tampered with through ARP spoofing to monitor the communication between the two. Third, the DoS attack test. The bandwidth upper limit of the virtual interface eth0 of the service resource VM7 is set to 10 Mbps, and the upper limit of eth1 of VM6 to the same value, to monitor abnormal traffic rates. According to formula (16), attack traffic greater than 18 Mbps constitutes a DoS attack. To compare the defense effect of the SbSR architecture against DoS attackers with different credit types, VM3 is granted initial access and regarded as attacker A, then its initial access permission is cancelled and it is regarded as attacker B; in addition, to demonstrate the defense function of VM6 as SDP AH, VM4 is assumed to have been compromised and become an ordinary host. Then, with VM3 acting as attacker A and attacker B in turn, the hping3 3.0.0 tool is used to launch 10-s SYN flood attacks against VM7. The two options "-d 200" and "--flood" are used in the attack command to send 200-byte packets as fast as possible. The OFTest tool measures the traffic rate on VM6 and VM7 respectively. Fourth, the topology detection test. Using the XCAP tool, probe packets are constructed with an MPLS header label starting from 17 and increasing by 1, TTL = 1, and an ICMP header of "Echo Request", so that the labels and topology of the directly connected (first-hop) devices in the domain are exhaustively detected, and further label and topology probing proceeds in order of increasing hop count and TTL. In the baseline SR scene, the topology in the
As shown in Fig. 8, the security overhead of the SbSR architecture mainly manifests as additional startup delay.
Therefore, the network based on the SbSR architecture and the baseline SR network are each subjected to 10 delay tests, calculating the delay overhead from network startup to normal operation of all network components, that is, the startup and verification time required for SDP IH to access service resources.
Safety function test results and analysis. Port scanning. As shown in Fig. 10a, in the baseline SR scenario the scan finds that VM7 has ports 21, 22, 80, and 111 open, showing that there is no protection against port scanning and VM3 can successfully scan the ports of VM7. In the SbSR scenario, the result is shown in Fig. 10b: there is no response. This is because VM3 polls and scans each port frequently during scanning; according to the trust penalty function in formula (32), the trust of VM3 drops below the SDP AH trust threshold, and SDP AH discards all scan packets by default. Therefore, VM3 cannot obtain port information for the network resource VM7.
Traffic monitoring based on a man-in-the-middle attack. Capturing packets with Wireshark in the baseline SR scenario, the result in Fig. 11a shows that the DNS messages between VM6 and VM7 are in clear text. VM5 can therefore read the communication content between them directly without any decoding, because no encrypted connection exists between VM6 and VM7. In the SbSR scenario, as shown in Fig. 11b, the communication between VM6 and VM7 is carried in TCP packets and is encrypted, so it is difficult for VM5 to eavesdrop on VM6 and VM7 through the MITM attack. This is because an mTLS encrypted connection has been established between SDP AH and VM7, and the middleman VM5 is unable to decipher the encrypted messages.
DoS attack. The attack command is shown in Fig. 12a. The average packet sending rate of the DoS attacker is about 14412 packets/s, that is, the occupied bandwidth is 22 Mbps, which meets the DoS attack condition of formula (16). The test results for the baseline SR and SbSR scenarios are shown in Fig. 12b. The blue line shows that in the baseline SR scheme the traffic rate on VM7 rises rapidly under attack, and the number of received packets is twice the number sent, because the captured streams include both the SYN attack packets and the ACK response packets replied by VM7. The red line shows that in the SbSR scheme, for attacker A, the traffic rate captured on VM6 (SDP AH) rises rapidly and the captured traffic likewise includes SYN attack packets and ACK response packets; however, once the SbSR model detects the DoS attack, VM3 quickly loses its trust and cannot continue to transmit attack traffic. The purple line is the traffic rate captured on the eth1 interface of VM7, which is essentially the same as the red line but slightly delayed, because the packet types captured on VM7 are basically the same as on VM6, while the start and end of the attacks from VM3 are slightly delayed by the Ethernet interface buffer size.
Topology detection based on label detection. The attack packet settings are shown in Fig. 13. In the baseline SR scenario, ICMP timeout messages can be found by packet capture. Because the ID field of the probe message is traversed synchronously with the SR label value, the label value of the next hop can be judged from the IPv4 header ID field; in this way the labels of the two nodes directly connected to the domain entry node R1 are successfully detected as 16,002 and 16,003 respectively, and then the label of R1 itself is detected as 16,001.
This is because no real-time trust control mechanism is established for access devices, so the hop-by-hop traversal detection of the intra-domain topology by the host VM4 succeeds. In the SbSR scenario, ICMP messages fail to be captured. The reason is that the labels of the packets sent by the SDP AH keep increasing, and the trust value of those packets decreases rapidly; as a result, the access of VM4 is denied and the detection attack is blocked.
Routing loop attack based on directional label. The attack packet settings are shown in Fig. 14a. In the baseline SR scenario, the Iperf tool measures the available bandwidth, which decreases after the attack starts. Packets captured with Wireshark show that the packets circulate continuously in the network and occupy bandwidth because of the loop. In the SbSR scenario, the available network bandwidth measured by Iperf is shown in Fig. 14b: the average available bandwidth decreases by about 47.6% after the loop attack starts at the 5th second, until it recovers at about 8.4 s. This is because, after detecting the routing loop, SDP AH applies the trust penalty mechanism of formula (32) to SDP IH, invalidating the access credentials of VM3 and deleting the injected routing loop packets.

Performance overhead test results and analysis. The box plot of the delay distribution is shown in Fig. 15. From the data distribution of experiments 1-10, the average startup delay increment introduced by the SDP components in the SR network is 8.31 s, a one-time delay incurred at startup, while the introduction of a new SDP IH and a new SDP AH adds average startup verification delays of 2.84 s and 5.25 s respectively. From the data distribution of experiments 2-10, for SDP IH and SDP AH with network records the average delay drops to 2.44 s and 4.68 s respectively, and the average increment of total delay drops to 8 s, because SDP IH and SDP AH raise their trust values rapidly through the trust inheritance mechanism of formulas (35) and (39). In practice, because the deployment of SDP AH is relatively fixed, the main impact of the SbSR architecture on network service performance is an average startup and verification delay of about 2.84 s each time a new network agent connects, which is acceptable compared with the average failure time of the network caused by attacks. At the same time, this delay is directly related to the trust management mechanism and can be reduced further by optimizing the related algorithms. From the perspective of algorithm complexity, based on the analysis of the overhead composition and magnitude in the "SbSR overhead analysis" section, assume that the number of network agents is n_{N-agent}, the network agent enable speed is a fixed value v_e, the calculation amount of each trust evaluation and trust renewal of a network agent is a fixed value k, the evaluation interval is t, and network agents are enabled one by one (not simultaneously). Then the main performance overhead of SbSR is concentrated in the component enablement overhead (second level), followed by the trust evaluation and trust renewal cost within the access control overhead (sub-second level).
The component enablement overhead is independent of the SbSR mechanism's own algorithm and introduces a time cost with time complexity O(n_{N-agent}/v_e), which noticeably increases network delay; therefore, the 2.84 s average startup verification delay introduced by a new network agent consists mainly of the component enablement delay. For the latter overhead, since each trust calculation is extremely short but frequent, a computational overhead with time complexity O(k·n_{N-agent}/t) is introduced, with a lower impact on network latency. Therefore, the time overhead of the SbSR model depends on the number of network agents enabled one by one, and the computational cost depends on the trust evaluation interval, the calculation amount of the proposed algorithm, and the number of network agents.

Conclusion and future work
Segment Routing technology has been proved in practice to be a better implementation form of SDN, but its data plane faces many security problems such as data tampering, malicious access, and denial of service attacks. For the SR data plane, this paper proposes a security model based on an SDP trust enhancement architecture. By setting up mechanisms for initial trust grant, evaluation, renewal, and inheritance for SR data plane access devices, the proposed model can evaluate and control their trust values as a continuous process. Tests of 6 kinds of security function and of cost show that the proposed model improves the security of the SR network data plane to a certain extent at an affordable delay cost, indicating that introducing the SDP architecture may provide better security for existing networks and that this security solution is worth applying to other scenarios. At the same time, reviewing the model design and test results shows that the method and indicators used by the proposed model to grant initial trust values and evaluate real-time trust may not be sufficient to deal with other new threats, and cannot detect malicious routing devices within the network domain. In future work we will focus on the initial trust grant mechanism and the real-time trust evaluation mechanism, improve the relevant verification and evaluation indexes and algorithms, and supplement and improve the trust management mechanism for routing devices.